Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203136353039.roa
File:                     38342e33382e3234372e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          tKwnQjgrju6YNWMsZluQj8pql6RUUJ7fcvGo9fbcl3Y=
Subject key identifier:   D0:DE:B6:05:54:EE:EB:89:EB:6A:E4:06:89:67:1E:FE:B1:00:D0:2C
Certificate issuer:       /CN=861a9d357d53d5459484a1f5921704e762641a62
Certificate serial:       693FE975FD1E4F4D884382D46F34C5CA20EC0BB4
Authority key identifier: 86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
Subject info access:      rsync://0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203136353039.roa
Signing time:             Wed 06 Nov 2024 05:51:51 +0000
ROA not before:           Wed 06 Nov 2024 05:46:51 +0000
ROA not after:            Wed 05 Nov 2025 05:51:51 +0000
asID:                     16509
IP address blocks:        84.38.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl
                          rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:3f:e9:75:fd:1e:4f:4d:88:43:82:d4:6f:34:c5:ca:20:ec:0b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=861a9d357d53d5459484a1f5921704e762641a62
        Validity
            Not Before: Nov  6 05:46:51 2024 GMT
            Not After : Nov  5 05:51:51 2025 GMT
        Subject: CN=D0DEB60554EEEB89EB6AE40689671EFEB100D02C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:57:fb:19:fd:cd:ef:ec:ef:db:af:d7:03:9e:
                    54:43:81:3f:a1:cd:cc:14:c2:ae:51:91:79:d6:1d:
                    b0:79:2a:f5:9e:c2:2c:a9:e2:56:ad:1d:77:55:b4:
                    dc:f9:2b:af:69:16:f3:9d:fe:08:94:37:7b:c3:fa:
                    af:3a:f4:88:f7:f5:4d:56:8b:fc:f7:93:7d:0f:ba:
                    e2:19:2f:0c:61:85:4e:2e:92:36:26:e8:19:79:a9:
                    73:1e:6d:cc:46:4d:46:2b:d6:36:da:c3:ee:df:5a:
                    d1:4a:47:3d:4b:f6:49:3a:54:34:27:6e:0a:8d:de:
                    58:cb:82:90:38:83:a9:0d:5d:6c:75:b4:21:6c:a6:
                    ee:88:fa:b8:f5:62:06:6b:07:40:0b:7b:aa:be:ba:
                    fc:b4:ff:0f:fe:80:f4:d6:af:a1:12:2f:51:97:2b:
                    34:11:ff:5b:3b:0a:50:d1:e2:42:1c:c8:2b:31:6c:
                    22:15:e1:58:22:c5:30:ab:5f:33:ce:94:3d:a9:5c:
                    84:2d:7a:ee:0a:1e:2f:a4:f5:f2:10:41:a6:1c:98:
                    0d:02:09:7a:f5:ab:38:79:fe:87:84:25:a5:33:29:
                    39:9d:2a:9c:ad:9b:52:18:25:33:5e:2e:83:de:75:
                    f2:e8:73:40:64:ed:c9:92:5e:f6:44:c1:ff:41:18:
                    58:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:DE:B6:05:54:EE:EB:89:EB:6A:E4:06:89:67:1E:FE:B1:00:D0:2C
            X509v3 Authority Key Identifier:
                keyid:86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:f5:25:3c:1d:9b:ca:e3:c6:2b:f3:5e:7e:54:ce:03:b6:90:
         3a:29:d8:cf:e4:d8:64:bf:ff:4f:65:02:d6:e2:a2:e4:b4:39:
         59:70:17:71:98:f8:1c:db:0c:ed:be:2e:38:9c:7e:aa:0e:68:
         fc:67:56:f3:04:61:8e:6e:9e:6f:55:08:9c:fa:1b:33:83:61:
         d3:6d:10:1c:17:cb:48:4f:8c:68:0f:2f:2c:64:29:9b:18:78:
         6e:35:1c:67:8f:cf:38:91:aa:e3:77:51:fb:a6:85:69:6f:1e:
         5a:66:e7:4b:31:e8:4d:b1:79:d2:52:c5:5b:d3:fb:96:f0:ab:
         3e:e3:bb:52:66:62:00:de:00:9c:5f:f9:62:f6:cf:ac:4b:fe:
         31:25:a8:d6:0d:4a:7d:a2:d5:d6:92:0d:3e:34:12:9d:1f:fe:
         ff:73:db:b4:85:0b:d1:77:74:e3:11:54:d3:60:8a:63:0b:60:
         cc:e3:f0:a3:71:77:cc:64:9d:2e:2e:4d:50:69:d9:aa:a1:5d:
         c1:c2:26:4d:8f:17:cc:2d:c5:fc:94:54:fb:19:29:61:ec:49:
         e9:52:01:f9:30:b9:6f:b4:38:3e:a1:56:b4:b7:04:8b:2d:0f:
         be:67:b5:d2:40:98:54:19:fb:e0:8a:91:80:a2:d6:16:5b:bf:
         f7:41:ec:42
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUaT/pdf0eT02IQ4LUbzTFyiDsC7QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODYxYTlkMzU3ZDUzZDU0NTk0ODRhMWY1OTIxNzA0ZTc2
MjY0MWE2MjAeFw0yNDExMDYwNTQ2NTFaFw0yNTExMDUwNTUxNTFaMDMxMTAvBgNV
BAMTKEQwREVCNjA1NTRFRUVCODlFQjZBRTQwNjg5NjcxRUZFQjEwMEQwMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1V/sZ/c3v7O/br9cDnlRDgT+h
zcwUwq5RkXnWHbB5KvWewiyp4latHXdVtNz5K69pFvOd/giUN3vD+q869Ij39U1W
i/z3k30PuuIZLwxhhU4ukjYm6Bl5qXMebcxGTUYr1jbaw+7fWtFKRz1L9kk6VDQn
bgqN3ljLgpA4g6kNXWx1tCFspu6I+rj1YgZrB0ALe6q+uvy0/w/+gPTWr6ESL1GX
KzQR/1s7ClDR4kIcyCsxbCIV4VgixTCrXzPOlD2pXIQteu4KHi+k9fIQQaYcmA0C
CXr1qzh5/oeEJaUzKTmdKpytm1IYJTNeLoPedfLoc0Bk7cmSXvZEwf9BGFgZAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQU0N62BVTu64nrauQGiWce/rEA0CwwHwYDVR0j
BBgwFoAUhhqdNX1T1UWUhKH1khcE52JkGmIwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzMzLzg2MUE5RDM1N0Q1
M0Q1NDU5NDg0QTFGNTkyMTcwNEU3NjI2NDFBNjIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9oaHFkTlgxVDFVV1VoS0gxa2hjRTUySmtHbUkuY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzMvMzgz
NDJlMzMzODJlMzIzNDM3MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjM1MzAz
OS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFQm9zANBgkqhkiG9w0BAQsFAAOCAQEAovUlPB2byuPGK/Ne
flTOA7aQOinYz+TYZL//T2UC1uKi5LQ5WXAXcZj4HNsM7b4uOJx+qg5o/GdW8wRh
jm6eb1UInPobM4Nh020QHBfLSE+MaA8vLGQpmxh4bjUcZ4/POJGq43dR+6aFaW8e
WmbnSzHoTbF50lLFW9P7lvCrPuO7UmZiAN4AnF/5YvbPrEv+MSWo1g1KfaLV1pIN
PjQSnR/+/3PbtIUL0Xd04xFU02CKYwtgzOPwo3F3zGSdLi5NUGnZqqFdwcImTY8X
zC3F/JRU+xkpYexJ6VIB+TC5b7Q4PqFWtLcEiy0Pvme10kCYVBn74IqRgKLWFlu/
90HsQg==
-----END CERTIFICATE-----